DESCRIPTION

domainjoin-cli

is the command-line version of the
Likewise
AD domain join tool. In a basic invocation,
domainjoin-cli
will join the current machine into an AD domain, enable authentication of AD users, and enable group policy if it is available.

For systems with sensitive configurations,
domainjoin-cli
offers fine-grained control over modifications to system configuration files that are typically required during a join, such as editing
/etc/nsswitch.conf
or the system PAM setup.

USAGE

Commands

domainjoin-cli
supports the following major modes of operation:

join

Joins the machine to the AD domain
domain
and configures AD authentication and group policy (where applicable). This operation requires valid AD credentials for
domain
to be specified as
username
and
password. If
password
is not specified on the command line,
domainjoin-cli
will prompt you for it.

domainjoin-cli
supports joining the machine to a specific OU (Organizational Unit) with
--ouorganizational_unit.

In order to actually disable the machine account in AD, either administrative credentials for
domain
or the same credentials originally used to join the machine must be specified as
username
and
password. If
password
is not specified on the command line,
domainjoin-cli
will prompt you for it.

If no credentials are specified, the machine will no longer behave as a member of
domain
but its machine account will remain enabled in AD.

query

Displays information about the currently-joined AD domain and OU.

fixfqdn

Makes local configuration modifications necessary to ensure that the fully-qualified domain name of the machine is forward- and backward-resolvable. This can work around domain join issues on networks with sub-optimal DNS setups.

setname

Changes the hostname of this machine to
name. As it is necessary to have a unique, non-generic name before joining AD, this operation is provided as a convenient way to quickly rename this computer before performing a join.

Common options

--logfilename

Log details about the operation to
file. If
file
is ".", logging is directed to the console.

--loglevel <error | warning | info | verbose >

Specifies the level of logging information which should be written to the log file.

--help

Displays brief usage and help information. No operation is performed.

Join and leave options

--ouorganizational_unit

Joins the machine to the OU
organizational_unit
instead of the default "Computers" OU. The OU to which a machine is joined determines which users will be able to authenticate against the machine and which group policies will be applied. This option has no effect when leaving a domain.

--enablemodule

Explicitly enables the configuration module
module
during the join or leave operation.

--disablemodule

Explicitly disables the configuration module
module
during the join or leave operation.

Note that some modules are necessary for the proper operation of
Likewise
while joined to AD. If you attempt to disable such a module,
domainjoin-cli
will refuse to proceed with a join operation.

For some modules, it is possible to make the relevant configuration changes by hand;
domainjoin-cli
will inform you of the necessary changes and will proceed with the module disabled if it detects that the changes have been made.

--detailsmodule

Provide details about module
module
and what specific configuration changes it would perform during a join or leave operation. No actual operation is performed.

--preview

Provide a summary of what configuration modules would be run during a join or leave operation. No actual operation is performed.

--advanced

Turns on debugging information during leave and join operations and provides more verbose output when using
--preview. This is generally only helpful when diagnosing unusual system or network configuration issues.

EXAMPLES

Joins the AD domain
sales.my-company.com
using
Administrator
as the username and
rosebud
as the password. This is the typical join scenario.

$ domainjoin-cli --log . leave

Leaves the current AD domain without attempting to disable the machine account as no user credentials were specified. Information about the process will be logged to the console at the default logging level.